CRITICAL🇵🇱 Wersja polska

CVE-2025-41742

CVSS 9.8v3.1pub. 2025-12-02upd. 2026-02-23

Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.

🤖 AI Analysis
How it works

The vulnerability stems from the presence of factory-set cryptographic keys in the device software (CWE-1394 — use of hardcoded cryptographic keys). An attacker with knowledge of these keys can establish a remote communication session with the device without needing to provide credentials. This mechanism allows for reading, modifying, and writing projects and data, as well as accessing any device through remote maintenance.

Impact

An attacker can gain full, unauthorized access to the device — read, modify, and write projects and configuration data, as well as take control of devices within remote service maintenance, which in an industrial environment (OT/ICS) can lead to disruption or sabotage of automation processes.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references (https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf). Until the fix is deployed, it is recommended to isolate the network in which the devices operate, restrict access to management and remote maintenance ports exclusively to authorized hosts, and disable remote service maintenance functionality if it is not essential.

Who is affected

Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 (firmware versions indicated in the manufacturer's references)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sprecher Automation Sprecon E C

    HW
    Sprecher-Automation
    wszystkie wersje
  • Sprecher Automation Sprecon E C Firmware

    OS
    Sprecher-Automation
    wszystkie wersje
  • Sprecher Automation Sprecon E P

    HW
    Sprecher-Automation
    wszystkie wersje
  • Sprecher Automation Sprecon E P Firmware

    OS
    Sprecher-Automation
    wszystkie wersje
  • Sprecher Automation Sprecon E T3

    HW
    Sprecher-Automation
    wszystkie wersje
  • Sprecher Automation Sprecon E T3 Firmware

    OS
    Sprecher-Automation
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-41744CRITICAL9.1PL ✓ten sam produkt

Domyślne klucze kryptograficzne w urządzeniach Sprecher Automation SPRECON-E

CVE-2022-4333CRITICAL9.8ten sam produkt

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to t...

CVE-2025-41743MEDIUM4.0ten sam produkt

Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a lo...

CVE-2024-6758MEDIUM6.5ten sam produkt

Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker wi...

CVE-2022-4332MEDIUM6.8ten sam produkt

In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been iden...